From 874a30391973642d3ff350f977c1ac705644fbb0 Mon Sep 17 00:00:00 2001 From: Greg Price Date: Wed, 6 Aug 2008 01:07:22 -0400 Subject: [PATCH] add and respect 'adminable' column to machines This is for selectively, temporarily, manually enabling admin mode for a VM. Where it's not set, admin mode now bypasses quotas and does nothing else. svn path=/trunk/packages/sipb-xen-www/; revision=874 --- code/validation.py | 3 ++- code/webcommon.py | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/code/validation.py b/code/validation.py index 79fa10c..2e6c7c3 100644 --- a/code/validation.py +++ b/code/validation.py @@ -125,7 +125,8 @@ def cantAddVm(owner, g): def haveAccess(user, state, machine): """Return whether a user has administrative access to a machine""" - return state.isadmin or user in cache_acls.accessList(machine) + return (user in cache_acls.accessList(machine) + or (machine.adminable and state.isadmin)) def owns(user, machine): """Return whether a user owns a machine""" diff --git a/code/webcommon.py b/code/webcommon.py index e82f790..eaf533c 100644 --- a/code/webcommon.py +++ b/code/webcommon.py @@ -1,6 +1,7 @@ """Exceptions for the web interface.""" import time +from invirt import database from invirt.database import Machine, MachineAccess class MyException(Exception): @@ -44,7 +45,9 @@ class State(object): def getMachines(self): if self.isadmin: - return Machine.select() + return Machine.query().join('acl').select_by( + database.or_(MachineAccess.c.user == self.username, + Machine.c.adminable == True)) else: return Machine.query().join('acl').select_by(user=self.username) -- 1.7.9.5